Bootstrap Gallery
  1. Home
  2. Markets

Arbitrum Security Council Freezes $71 Million in Ether Linked to Kelp DAO Exploit

A significant portion of the Kelp DAO exploit funds has been immobilized. Arbitrum's Security Council has frozen approximately $71 million worth of ether, transferring 30,766 ETH to an intermediary wallet on Monday night. This action was taken in response to the $292 million rsETH exploit that occurred on Saturday. The frozen funds are linked to the exploit and are now inaccessible without further governance action. The rsETH token, a liquid restaking token issued by KelpDAO, represents a user's position in restaked ether. The Arbitrum Security Council took emergency action to freeze the funds, acting on input from law enforcement regarding the exploiter's identity. The council executed the freeze without disrupting any Arbitrum users or applications. The transfer was completed at 11:26 p.m. ET on April 20, according to Arbitrum's statement. The stolen funds are no longer under the control of the original address. This move recovers about a quarter of the total amount drained from Kelp's LayerZero-powered bridge on Saturday. The attack, attributed to North Korea's Lazarus Group, exploited compromised verifier infrastructure, resulting in the theft of 116,500 rsETH. Arbitrum, a layer-2 blockchain, has a Security Council with emergency powers to take protective action in such scenarios. However, governance-level interventions on user funds are rare and controversial due to the introduction of discretionary control over an otherwise permissionless network. The freeze provides Kelp with a partial recovery option, in addition to any further actions law enforcement and chain-tracing firms can take. The ongoing dispute between Kelp and LayerZero over responsibility for the exploit has been escalated, with the $71 million freeze offsetting potential losses. Kelp is coordinating with ecosystem partners on a recovery fund and considering next steps, while LayerZero has not publicly commented on the Arbitrum freeze. The ability to freeze additional stolen funds depends on the attacker's movements of rsETH or its derivatives and whether other chains with similar emergency powers choose to act.